Failure to validate the size of a variable before writing it to memory could result in which of the
following application attacks?

A.
Malicious logic

B.
Cross-site scripting

C.
SQL injection

D.
Buffer overflow

Explanation:
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary
data storage area) than it was intended to hold. Since buffers are created to contain a finite
amount of data, the extra information – which has to go somewhere – can overflow into adjacent
buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally
through programming error, buffer overflow is an increasingly common type of security attack on
data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger
specific actions, in effect sending new instructions to the attacked computer that could, for
example, damage the user’s files, change data, or disclose confidential information.
Validating the size of a variable before writing it to memory will ensure that the variable can fit into
the buffer. Failure to validate the size of a variable before writing it to memory can result in a buffer
overflow.